Configuring the IPsec Interface

TNSR supports routed IPsec via the ipsecX interface. The number of the ipsecX interface corresponds to the index number of the tunnel set previously. For example, IPsec tunnel 0 is ipsec0, and IPsec tunnel 2 is ipsec2.

These IPsec interfaces are used to configure routed IPsec connectivity and they behave like most other interfaces. For example, they can have access lists defined to filter traffic.

The ipsecX interface should be configured with an IP address and the peer will have its own IP address in the same subnet. This allows the two endpoints to communicate directly over the IPsec interface and also gives the peer an address through which traffic for other subnets may be routed. When configured in this way, it acts like a directly connected point-to-point link to the peer.

IPsec Interface Example

In this example, the ipsec0 interface is given an address of 172.32.0.1/30. The remote peer will be 172.32.0.2/30.

tnsr(config)# interface ipsec0
tnsr(config-interface)# ip address 172.32.0.1/30
tnsr(config-interface)# exit
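
The addressing rule described above (both ends of the ipsecX link in the same subnet) can be checked before the addresses are entered on either peer. The following is an added example, not part of the TNSR documentation; the function name `check_tunnel_pair` and every pair other than 172.32.0.1/30 and 172.32.0.2/30 are constructed for illustration.

```python
import ipaddress


def check_tunnel_pair(local, peer):
    """Return a list of problems with an ipsecX address pair; empty means OK."""
    a = ipaddress.ip_interface(local)
    b = ipaddress.ip_interface(peer)
    if a.version != b.version:
        return ["local and peer use different address families"]

    problems = []
    if a.network.prefixlen != b.network.prefixlen:
        problems.append(
            f"prefix lengths differ: /{a.network.prefixlen} vs /{b.network.prefixlen}")
    elif a.network != b.network:
        problems.append(f"different subnets: {a.network} vs {b.network}")
    if a.ip == b.ip:
        problems.append(f"both ends use {a.ip}")

    for side, iface in (("local", a), ("peer", b)):
        net = iface.network
        # IPv4 /31 (RFC 3021) and /32 have no network or broadcast address to avoid.
        if net.version == 4 and net.prefixlen < 31:
            if iface.ip == net.network_address:
                problems.append(f"{side} {iface.ip} is the network address of {net}")
            elif iface.ip == net.broadcast_address:
                problems.append(f"{side} {iface.ip} is the broadcast address of {net}")
    return problems


if __name__ == "__main__":
    # First pair is the one from the example above; the rest are constructed mistakes.
    pairs = [
        ("172.32.0.1/30", "172.32.0.2/30"),
        ("172.32.0.1/30", "172.32.0.5/30"),   # peer is in the next /30
        ("172.32.0.1/30", "172.32.0.3/30"),   # peer is the broadcast address
        ("172.32.0.1/30", "172.32.0.2/24"),   # mask mismatch between peers
    ]
    for local, peer in pairs:
        issues = check_tunnel_pair(local, peer)
        print(f"{local} <-> {peer}: {'OK' if not issues else '; '.join(issues)}")
```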